H. Peter Anvin wrote:
> > > I don't believe libpwdb should be in any spec. From my perspective and
> > > that of others that have contributed to PAM, libpwdb was a fine idea
> > > back in the dark ages but now NSS is available (glibc), the case for
> > > libpwdb is much diminished. I would like to see NSS better documented
> > > though. ;)
> >
> > Red Hat agrees with this, fwiw (and the pwdb author (gafton) is probably
> > the strongest advocate of not using it).
> >
>
> So, in other words, PAM and NSS do provide all necessary
> functionality?

I sincerely hope so.

PAM is an authentication management thing, and most PAM modules make pretty extensive use of things like getpwnam() for uid/name & gid/group information - nicely supplied by NSS.

I believe that the only place they confusingly overlap is where NSS provides a password field in the returned *(struct passwd *). In a networked/automated world in which passwords are a less and less appropriate means of authenticating, I'd like to see this legacy piece of fluff go away. PAM provides pluggable authentication which is supposed to obviate the need for applications to ever see this sort of authentication detail. Not to mention programs like 'ls' and 'id'...

IIRC, POSIX did not require the password field in (struct passwd), which IMHO seems to be a much overlooked but important piece of forward thinking...

Cheers

Andrew
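
The overlap discussed in the reply above, where an identity lookup through NSS also hands every caller a password field, shown as an added example that is not part of the original message or of PAM/glibc code. The names `classify_pw_field` and `count_risky` and all sample entries are constructed for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* What a caller of getpwnam() learns from the pw_passwd field. */
enum pw_exposure { PW_PLACEHOLDER, PW_LOCKED, PW_EMPTY, PW_HASH_EXPOSED };

enum pw_exposure classify_pw_field(const struct passwd *pw)
{
    const char *p = pw->pw_passwd;
    if (p == NULL || strcmp(p, "x") == 0)
        return PW_PLACEHOLDER;   /* secret is held elsewhere, e.g. shadow */
    if (p[0] == '\0')
        return PW_EMPTY;         /* field says no password is needed */
    p += strspn(p, "!");         /* '!' prefix locks but may hide a hash */
    if (p[0] == '\0' || p[0] == '*')
        return PW_LOCKED;        /* no hash can ever match this value */
    return PW_HASH_EXPOSED;      /* verifier visible to any NSS caller */
}

/* Count entries whose field is empty or carries a hash. */
size_t count_risky(const struct passwd *e, size_t n)
{
    size_t risky = 0;
    for (size_t i = 0; i < n; i++) {
        enum pw_exposure x = classify_pw_field(&e[i]);
        risky += (x == PW_EMPTY || x == PW_HASH_EXPOSED);
    }
    return risky;
}

/* Constructed sample entries; the hash string is a made-up placeholder. */
static const struct passwd sample[] = {
    { .pw_name = "root",   .pw_passwd = "x", .pw_uid = 0 },
    { .pw_name = "daemon", .pw_passwd = "*", .pw_uid = 1 },
    { .pw_name = "guest",  .pw_passwd = "",  .pw_uid = 1001 },
    { .pw_name = "legacy", .pw_passwd = "$6$EXAMPLESALT$EXAMPLEHASH", .pw_uid = 1002 },
    { .pw_name = "parked", .pw_passwd = "!$6$EXAMPLESALT$EXAMPLEHASH", .pw_uid = 1003 },
};

int main(int argc, char **argv)
{
    static const char *label[] = { "placeholder", "locked", "empty", "hash exposed" };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("%-8s %s\n", sample[i].pw_name, label[classify_pw_field(&sample[i])]);
    /* Optionally classify a live account, using the identity lookup only. */
    const struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : NULL;
    if (pw)
        printf("%-8s %s (live)\n", pw->pw_name, label[classify_pw_field(pw)]);
    return 0;
}
```

Passing an account name as the first argument classifies the entry that the local NSS configuration returns for it.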
